CVE-2009-0040

Published: Feb 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2009:0315

vendor-advisory

x_refsource_REDHAT

SUSE-SA:2009:023

vendor-advisory

x_refsource_SUSE

http://support.apple.com/kb/HT3757

x_refsource_CONFIRM

SUSE-SA:2009:012

vendor-advisory

x_refsource_SUSE

GLSA-200903-28

vendor-advisory

x_refsource_GENTOO

RHSA-2009:0333

vendor-advisory

x_refsource_REDHAT

http://support.apple.com/kb/HT3639

x_refsource_CONFIRM

35386

third-party-advisory

x_refsource_SECUNIA

GLSA-201209-25

vendor-advisory

x_refsource_GENTOO

DSA-1830

vendor-advisory

x_refsource_DEBIAN

ADV-2009-0632

vdb-entry

x_refsource_VUPEN

ADV-2009-1621

vdb-entry

x_refsource_VUPEN

RHSA-2009:0340

vendor-advisory

x_refsource_REDHAT

1020521

vendor-advisory

x_refsource_SUNALERT

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

ADV-2009-1560

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:10316

vdb-entry

signature

x_refsource_OVAL

ADV-2009-0469

vdb-entry

x_refsource_VUPEN

34388

third-party-advisory

x_refsource_SECUNIA

ADV-2009-1462

vdb-entry

x_refsource_VUPEN

SSA:2009-083-02

vendor-advisory

x_refsource_SLACKWARE

APPLE-SA-2009-06-08-1

vendor-advisory

x_refsource_APPLE

36096

third-party-advisory

x_refsource_SECUNIA

[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability

mailing-list

x_refsource_MLIST

http://www.vmware.com/security/advisories/VMSA-2009-0007.html

x_refsource_CONFIRM

RHSA-2009:0325

vendor-advisory

x_refsource_REDHAT

259989

vendor-advisory

x_refsource_SUNALERT

35302

third-party-advisory

x_refsource_SECUNIA

33976

third-party-advisory

x_refsource_SECUNIA

35074

third-party-advisory

x_refsource_SECUNIA

libpng-pointer-arrays-code-execution(48819)

vdb-entry

x_refsource_XF

ADV-2009-1522

vdb-entry

x_refsource_VUPEN

34140

third-party-advisory

x_refsource_SECUNIA

ADV-2009-1451

vdb-entry

x_refsource_VUPEN

APPLE-SA-2009-06-17-1

vendor-advisory

x_refsource_APPLE

FEDORA-2009-2045

vendor-advisory

x_refsource_FEDORA

APPLE-SA-2009-05-12

vendor-advisory

x_refsource_APPLE

SUSE-SR:2009:005

vendor-advisory

x_refsource_SUSE

MDVSA-2009:083

vendor-advisory

x_refsource_MANDRIVA

34464

third-party-advisory

x_refsource_SECUNIA

34272

third-party-advisory

x_refsource_SECUNIA

34210

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2009-08-05-1

vendor-advisory

x_refsource_APPLE

oval:org.mitre.oval:def:6458

vdb-entry

signature

x_refsource_OVAL

34265

third-party-advisory

x_refsource_SECUNIA

http://wiki.rpath.com/Advisories:rPSA-2009-0046

x_refsource_CONFIRM

34145

third-party-advisory

x_refsource_SECUNIA

20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

mailing-list

x_refsource_BUGTRAQ

35379

third-party-advisory

x_refsource_SECUNIA

ADV-2009-0473

vdb-entry

x_refsource_VUPEN

20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

mailing-list

x_refsource_BUGTRAQ

34143

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-2882

vendor-advisory

x_refsource_FEDORA

DSA-1750

vendor-advisory

x_refsource_DEBIAN

FEDORA-2009-2884

vendor-advisory

x_refsource_FEDORA

SSA:2009-083-03

vendor-advisory

x_refsource_SLACKWARE

33970

third-party-advisory

x_refsource_SECUNIA

34137

third-party-advisory

x_refsource_SECUNIA

TA09-133A

third-party-advisory

x_refsource_CERT

[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

mailing-list

x_refsource_MLIST

http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441

x_refsource_CONFIRM

34462

third-party-advisory

x_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

x_refsource_CONFIRM

ADV-2009-1297

vdb-entry

x_refsource_VUPEN

FEDORA-2009-1976

vendor-advisory

x_refsource_FEDORA

http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt

x_refsource_CONFIRM

VU#649212

third-party-advisory

x_refsource_CERT-VN

34324

third-party-advisory

x_refsource_SECUNIA

20090312 rPSA-2009-0046-1 libpng

mailing-list

x_refsource_BUGTRAQ

34152

third-party-advisory

x_refsource_SECUNIA

MDVSA-2009:075

vendor-advisory

x_refsource_MANDRIVA

33990

vdb-entry

x_refsource_BID

http://support.apple.com/kb/HT3613

x_refsource_CONFIRM

35258

third-party-advisory

x_refsource_SECUNIA

33827

vdb-entry

x_refsource_BID

http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

x_refsource_CONFIRM

ADV-2009-2172

vdb-entry

x_refsource_VUPEN

TA09-218A

third-party-advisory

x_refsource_CERT

MDVSA-2009:051

vendor-advisory

x_refsource_MANDRIVA

34320

third-party-advisory

x_refsource_SECUNIA

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-0040

Description

Affected Products

References